Lucene search

K

Side Menu Lite – Add Sticky Fixed Buttons Security Vulnerabilities

kitploit
kitploit

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

7.2AI Score

2024-06-16 05:16 PM
7
mageia
mageia

Updated nss & firefox packages fix security vulnerabilities

Use-after-free in networking. (CVE-2024-5702) Use-after-free in JavaScript object transplant. (CVE-2024-5688) External protocol handlers leaked by timing attack. (CVE-2024-5690) Sandboxed iframes were able to bypass sandbox restrictions to open a new window. (CVE-2024-5691) Cross-Origin Image leak....

7.9AI Score

0.0004EPSS

2024-06-16 02:07 AM
6
nessus
nessus

Debian dsa-5712 : ffmpeg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5712 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5712-1 [email protected] ...

8AI Score

0.0004EPSS

2024-06-16 12:00 AM
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-15 07:37 PM
147
nvd
nvd

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.0004EPSS

2024-06-15 06:15 AM
2
cve
cve

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-15 06:15 AM
7
cvelist
cvelist

CVE-2024-1399 Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.0004EPSS

2024-06-15 05:45 AM
2
nessus
nessus

SUSE SLES15 Security Update : libaom (SUSE-SU-2024:2030-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2030-1 advisory. - CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020). Tenable has extracted the...

7.5AI Score

0.0004EPSS

2024-06-15 12:00 AM
nessus
nessus

Debian dsa-5711 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5711 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5711-1 [email protected] ...

7.5AI Score

0.0004EPSS

2024-06-15 12:00 AM
1
nessus
nessus

Debian dla-3828 : atril - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3828 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3828-1 [email protected] ...

9.6CVSS

9.1AI Score

0.005EPSS

2024-06-15 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : mariadb (SUSE-SU-2024:2032-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2032-1 advisory. - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - Update to 10.11.8. Tenable has extracted the...

4.9CVSS

5.3AI Score

0.0005EPSS

2024-06-15 12:00 AM
nessus
nessus

Debian dla-3829 : libmilter-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3829 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 [email protected] ...

5.3CVSS

6.7AI Score

0.002EPSS

2024-06-15 12:00 AM
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2031-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated...

8.3CVSS

8.7AI Score

0.0004EPSS

2024-06-15 12:00 AM
osv
osv

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 08:15 PM
cve
cve

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-14 08:15 PM
12
nvd
nvd

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

0.0004EPSS

2024-06-14 08:15 PM
1
vulnrichment
vulnrichment

CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-14 07:12 PM
cvelist
cvelist

CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in...

6.5CVSS

0.0004EPSS

2024-06-14 07:12 PM
3
rapid7blog
rapid7blog

Metasploit Weekly Wrap-Up 06/14/2024

New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...

9.9CVSS

8.2AI Score

0.938EPSS

2024-06-14 07:09 PM
1
cve
cve

CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version &lt;...

6.1CVSS

6.3AI Score

0.0004EPSS

2024-06-14 06:15 PM
10
nvd
nvd

CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version &lt;...

6.1CVSS

0.0004EPSS

2024-06-14 06:15 PM
2
cvelist
cvelist

CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version &lt;...

6.1CVSS

0.0004EPSS

2024-06-14 05:17 PM
nvd
nvd

CVE-2024-34694

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend....

8.1CVSS

0.0004EPSS

2024-06-14 03:15 PM
cve
cve

CVE-2024-34694

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend....

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-14 03:15 PM
12
cvelist
cvelist

CVE-2024-34694 LNbits improperly handles potential network and payment failures when using Eclair backend

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend....

8.1CVSS

0.0004EPSS

2024-06-14 02:31 PM
2
rocky
rocky

resource-agents bug fix update

An update is available for resource-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...

7.2AI Score

2024-06-14 02:00 PM
rocky
rocky

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...

8AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
osv
osv

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...

8AI Score

0.0004EPSS

2024-06-14 02:00 PM
4
rocky
rocky

tomcat security and bug fix update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer...

7.1AI Score

0.0004EPSS

2024-06-14 02:00 PM
1
osv
osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): ...

7.3AI Score

0.0004EPSS

2024-06-14 02:00 PM
5
rocky
rocky

kernel-rt security and bug fix update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

7.8CVSS

7.9AI Score

0.001EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in...

7.8CVSS

6.9AI Score

0.001EPSS

2024-06-14 01:59 PM
3
osv
osv

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to...

6.6AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) firefox:...

7.5AI Score

0.0004EPSS

2024-06-14 01:59 PM
osv
osv

Moderate: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...

7.6AI Score

0.0004EPSS

2024-06-14 01:59 PM
rocky
rocky

kernel update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....

7.8CVSS

7.8AI Score

0.001EPSS

2024-06-14 01:59 PM
1
rocky
rocky

bind and dhcp security update

An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the...

7.5CVSS

7.8AI Score

0.05EPSS

2024-06-14 01:59 PM
1
osv
osv

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340) kernel:...

7.8CVSS

7.7AI Score

0.001EPSS

2024-06-14 01:59 PM
thn
thn

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-14 08:09 AM
4
cve
cve

CVE-2024-5155

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

5.6AI Score

0.0004EPSS

2024-06-14 06:15 AM
22
nvd
nvd

CVE-2024-5155

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:15 AM
3
cve
cve

CVE-2024-3972

The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

5.6AI Score

0.0004EPSS

2024-06-14 06:15 AM
11
cve
cve

CVE-2024-3993

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

5.6AI Score

0.0004EPSS

2024-06-14 06:15 AM
10
nvd
nvd

CVE-2024-3993

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:15 AM
4
nvd
nvd

CVE-2024-3972

The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:15 AM
3
cvelist
cvelist

CVE-2024-5155 Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
4
vulnrichment
vulnrichment

CVE-2024-5155 Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

5.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist
cvelist

CVE-2024-3993 AZAN Plugin <= 0.6 - Stored XSS via CSRF

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
3
vulnrichment
vulnrichment

CVE-2024-3993 AZAN Plugin <= 0.6 - Stored XSS via CSRF

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

6AI Score

0.0004EPSS

2024-06-14 06:00 AM
cvelist
cvelist

CVE-2024-3972 Similarity <= 3.0 - Stored XSS via CSRF

The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...

0.0004EPSS

2024-06-14 06:00 AM
2
Total number of security vulnerabilities391241